MongoDB是否支持TLS1.2以上版本?
Does MongoDB supports TLS1.2 version or above?
这是关于 MongoDB 的安全部分。
我看了MongoDB的文档,发现它支持TLS 1.0 & 1.1。
请问MongoDB支持TLS 1.2以上版本吗?
是的,有一段时间了。 2014 年 5 月 21 日 MongoDB 博客 post 中提到 here:
In order to protect the network traffic, SSL/TLS should be enabled
between clients and the server and in between servers. MongoDB
supports TLS 1.0, 1.1 and 1.2, all SSL versions are disabled. Enabling
TLS is well described in the security documentation.
貌似1.3也支持:
void recordTLSVersion(TLSVersion version, const HostAndPort& hostForLogging) {
StringData versionString;
auto& counts = mongo::TLSVersionCounts::get(getGlobalServiceContext());
switch (version) {
case TLSVersion::kTLS10:
counts.tls10.addAndFetch(1);
if (std::find(sslGlobalParams.tlsLogVersions.cbegin(),
sslGlobalParams.tlsLogVersions.cend(),
SSLParams::Protocols::TLS1_0) != sslGlobalParams.tlsLogVersions.cend()) {
versionString = "1.0"_sd;
}
break;
case TLSVersion::kTLS11:
counts.tls11.addAndFetch(1);
if (std::find(sslGlobalParams.tlsLogVersions.cbegin(),
sslGlobalParams.tlsLogVersions.cend(),
SSLParams::Protocols::TLS1_1) != sslGlobalParams.tlsLogVersions.cend()) {
versionString = "1.1"_sd;
}
break;
case TLSVersion::kTLS12:
counts.tls12.addAndFetch(1);
if (std::find(sslGlobalParams.tlsLogVersions.cbegin(),
sslGlobalParams.tlsLogVersions.cend(),
SSLParams::Protocols::TLS1_2) != sslGlobalParams.tlsLogVersions.cend()) {
versionString = "1.2"_sd;
}
break;
case TLSVersion::kTLS13:
counts.tls13.addAndFetch(1);
if (std::find(sslGlobalParams.tlsLogVersions.cbegin(),
sslGlobalParams.tlsLogVersions.cend(),
SSLParams::Protocols::TLS1_3) != sslGlobalParams.tlsLogVersions.cend()) {
versionString = "1.3"_sd;
}
break;
default:
counts.tlsUnknown.addAndFetch(1);
if (!sslGlobalParams.tlsLogVersions.empty()) {
versionString = "unknown"_sd;
}
break;
}
这是关于 MongoDB 的安全部分。
我看了MongoDB的文档,发现它支持TLS 1.0 & 1.1。
请问MongoDB支持TLS 1.2以上版本吗?
是的,有一段时间了。 2014 年 5 月 21 日 MongoDB 博客 post 中提到 here:
In order to protect the network traffic, SSL/TLS should be enabled between clients and the server and in between servers. MongoDB supports TLS 1.0, 1.1 and 1.2, all SSL versions are disabled. Enabling TLS is well described in the security documentation.
貌似1.3也支持:
void recordTLSVersion(TLSVersion version, const HostAndPort& hostForLogging) {
StringData versionString;
auto& counts = mongo::TLSVersionCounts::get(getGlobalServiceContext());
switch (version) {
case TLSVersion::kTLS10:
counts.tls10.addAndFetch(1);
if (std::find(sslGlobalParams.tlsLogVersions.cbegin(),
sslGlobalParams.tlsLogVersions.cend(),
SSLParams::Protocols::TLS1_0) != sslGlobalParams.tlsLogVersions.cend()) {
versionString = "1.0"_sd;
}
break;
case TLSVersion::kTLS11:
counts.tls11.addAndFetch(1);
if (std::find(sslGlobalParams.tlsLogVersions.cbegin(),
sslGlobalParams.tlsLogVersions.cend(),
SSLParams::Protocols::TLS1_1) != sslGlobalParams.tlsLogVersions.cend()) {
versionString = "1.1"_sd;
}
break;
case TLSVersion::kTLS12:
counts.tls12.addAndFetch(1);
if (std::find(sslGlobalParams.tlsLogVersions.cbegin(),
sslGlobalParams.tlsLogVersions.cend(),
SSLParams::Protocols::TLS1_2) != sslGlobalParams.tlsLogVersions.cend()) {
versionString = "1.2"_sd;
}
break;
case TLSVersion::kTLS13:
counts.tls13.addAndFetch(1);
if (std::find(sslGlobalParams.tlsLogVersions.cbegin(),
sslGlobalParams.tlsLogVersions.cend(),
SSLParams::Protocols::TLS1_3) != sslGlobalParams.tlsLogVersions.cend()) {
versionString = "1.3"_sd;
}
break;
default:
counts.tlsUnknown.addAndFetch(1);
if (!sslGlobalParams.tlsLogVersions.empty()) {
versionString = "unknown"_sd;
}
break;
}